diff --git a/provision/nixos/hosts/torus/configuration.nix b/provision/nixos/hosts/torus/configuration.nix
index 1bc75d62..e176bcf7 100644
--- a/provision/nixos/hosts/torus/configuration.nix
+++ b/provision/nixos/hosts/torus/configuration.nix
@@ -1,5 +1,10 @@
 { config, pkgs, user, lib, ... }: {
+  imports = [
+    ./wireguard-server.nix
+    ../../modules
+  ];
+
   nix = {
     package = pkgs.nixFlakes;
     extraOptions = "experimental-features = nix-command flakes";
@@ -118,7 +123,6 @@
   };
   # Enable modules
-  imports = [ ../../modules ];
   modules = {
     devel = {
       tooling.enable = true;
@@ -127,7 +131,6 @@
       samba-server.enable = true;
       jellyfin.enable = true;
       syncthing.enable = true;
-      wireguard-server.enable = true;
     };
     system = {
       terminal.enable = true;
diff --git a/provision/nixos/hosts/torus/wireguard-server.nix b/provision/nixos/hosts/torus/wireguard-server.nix
new file mode 100644
index 00000000..f039a55d
--- /dev/null
+++ b/provision/nixos/hosts/torus/wireguard-server.nix
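Review bot: Dropping `wireguard-server.enable = true;` in this file's third hunk is only safe because the option itself disappears in the default.nix and deleted-module hunks below, so any other host configuration that still sets `modules.services.wireguard-server.enable` will fail evaluation with an undefined-option error; worth checking the other hosts before merging. Importing `./wireguard-server.nix` directly in the first hunk also makes the NAT, firewall and wg-quick settings unconditional for torus with no enable toggle, which is presumably intended but is not stated anywhere. A one-line header in the new file, e.g. `# Host-specific WireGuard server for torus; imported unconditionally from configuration.nix.`, would make that explicit for the next reader.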
@@ -0,0 +1,52 @@
+{ config, lib, pkgs, ... }:
+{
+  # Enable NAT
+  networking.nat = {
+    enable = true;
+    enableIPv6 = true;
+    externalInterface = "enp4s0";
+    internalInterfaces = [ "wg0" ];
+  };
+
+  # Open ports in the firewall
+  networking.firewall = {
+    allowedTCPPorts = [ 53 ];
+    allowedUDPPorts = [ 53 51820 ];
+  };
+
+  networking.wg-quick.interfaces = {
+    # "wg0" is the network interface name. You can name the interface arbitrarily.
+    wg0 = {
+      # Determines the IP/IPv6 address and subnet of the client's end of the tunnel interface
+      address = [ "192.168.2.1/24" ];
+      # The port that WireGuard listens to - recommended that this be changed from default
+      listenPort = 51820;
+      # Path to the server's private key
+      privateKeyFile = "/engi/apps/wireguard/private";
+
+      # This allows the wireguard server to route your traffic to the internet and hence be like a VPN
+      postUp = ''
+        ${pkgs.iptables}/bin/iptables -A FORWARD -i %i -j ACCEPT
+        ${pkgs.iptables}/bin/iptables -A FORWARD -o %i -j ACCEPT
+        ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -o enp4s0 -j MASQUERADE
+
+      '';
+
+      # Undo the above
+      preDown = ''
+        ${pkgs.iptables}/bin/iptables -D FORWARD -i %i -j ACCEPT
+        ${pkgs.iptables}/bin/iptables -D FORWARD -o %i -j ACCEPT
+        ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -o enp4s0 -j MASQUERADE
+      '';
+
+      peers = [
+        {
+          # Adjudicator
+          publicKey = "r2/IeYCO1T+l248387wUBoNnc2DK9O8pHcIr/NQqezM=";
+          allowedIPs = [ "192.168.2.2/32" ];
+        }
+        # More peers can be added here.
+      ];
+    };
+  };
+}
diff --git a/provision/nixos/modules/services/default.nix b/provision/nixos/modules/services/default.nix
index aeee625d..ecbd0763 100644
--- a/provision/nixos/modules/services/default.nix
+++ b/provision/nixos/modules/services/default.nix
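Review bot: `allowedTCPPorts = [ 53 ]` and `allowedUDPPorts = [ 53 51820 ]` open DNS on every interface, including the external `enp4s0` that NAT masquerades through, so whatever listens on 53 (presumably a resolver for tunnel clients) is reachable from the outside rather than only from `wg0`. Only 51820 needs to be globally reachable; scope 53 to the tunnel with `networking.firewall.interfaces.wg0 = { allowedTCPPorts = [ 53 ]; allowedUDPPorts = [ 53 ]; };` and keep `networking.firewall.allowedUDPPorts = [ 51820 ];`. Separately, `enp4s0` is repeated in the two POSTROUTING rules while `networking.nat.externalInterface` already names it, so `${config.networking.nat.externalInterface}` in the `postUp`/`preDown` strings would keep them in sync, and the `address` comment says "client's end" although this is the server's address.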
@@ -1,4 +1,4 @@
 { ... }: {
-  imports = [ ./wireguard-server.nix ./syncthing.nix ./samba-server.nix ./samba-client.nix ./jellyfin.nix ./virt-manager.nix ./peripherals.nix ];
+  imports = [ ./syncthing.nix ./samba-server.nix ./samba-client.nix ./jellyfin.nix ./virt-manager.nix ./peripherals.nix ];
 }
diff --git a/provision/nixos/modules/services/wireguard-server.nix b/provision/nixos/modules/services/wireguard-server.nix
deleted file mode 100644
index e6cd3389..00000000
--- a/provision/nixos/modules/services/wireguard-server.nix
+++ /dev/null
@@ -1,57 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let cfg = config.modules.services.wireguard-server;
-in {
-  options.modules.services.wireguard-server.enable = lib.mkEnableOption "wireguard-server";
-  config = lib.mkIf cfg.enable {
-    # Enable NAT
-    networking.nat = {
-      enable = true;
-      enableIPv6 = true;
-      externalInterface = "enp4s0";
-      internalInterfaces = [ "wg0" ];
-    };
-
-    # Open ports in the firewall
-    networking.firewall = {
-      allowedTCPPorts = [ 53 ];
-      allowedUDPPorts = [ 53 51820 ];
-    };
-
-    networking.wg-quick.interfaces = {
-      # "wg0" is the network interface name. You can name the interface arbitrarily.
-      wg0 = {
-        # Determines the IP/IPv6 address and subnet of the client's end of the tunnel interface
-        address = [ "192.168.2.1/24" ];
-        # The port that WireGuard listens to - recommended that this be changed from default
-        listenPort = 51820;
-        # Path to the server's private key
-        privateKeyFile = "/engi/apps/wireguard/private";
-
-        # This allows the wireguard server to route your traffic to the internet and hence be like a VPN
-        postUp = ''
-          ${pkgs.iptables}/bin/iptables -A FORWARD -i %i -j ACCEPT
-          ${pkgs.iptables}/bin/iptables -A FORWARD -o %i -j ACCEPT
-          ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -o enp4s0 -j MASQUERADE
-
-        '';
-
-        # Undo the above
-        preDown = ''
-          ${pkgs.iptables}/bin/iptables -D FORWARD -i %i -j ACCEPT
-          ${pkgs.iptables}/bin/iptables -D FORWARD -o %i -j ACCEPT
-          ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -o enp4s0 -j MASQUERADE
-        '';
-
-        peers = [
-          {
-            # Adjudicator
-            publicKey = "r2/IeYCO1T+l248387wUBoNnc2DK9O8pHcIr/NQqezM=";
-            allowedIPs = [ "192.168.2.2/32" ];
-          }
-          # More peers can be added here.
-        ];
-      };
-    };
-  };
-}